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DETAILED ACTION 

Continued Examination Under 37 CFR 1.114 

1 . A request for continued examination under 37 CFR 1 . 1 1 4, including the fee set 
fortli in 37 CFR 1 .17(e), was filed in this application after final rejection. Since this 
application is eligible for continued examination under 37 CFR 1.114, and the fee set 
forth in 37 CFR 1.17(e) has been timely paid, the finality of the previous Office action 
has been withdrawn pursuant to 37 CFR 1.114. Applicant's submission filed on July 05, 
2006 has been entered. 

Claim Rejections - 35 USC § 103 

2. The following is a quotation of 35 U.S. C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 1 02 of this title, if the differences between the subject nnatter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

3. Claims 13-16, 18-22 and 25-30 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Vairavan, U.S. Patent Application Publication No. 2002/0083344 
(hereinafter Vairavan), in view of Wang et al., U.S. Patent No. 6,538,997 (hereinafter 
Wang). 
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4. With respect to claims 22 and 1 3, Vairavan teaches a method of managing a 
network [see abstract and fig.1], said method comprising: 

" accessing a database of a stored physical topology of said network to obtain 

authorized address at host ports of switches [paragraphs 0074-0084 i.e. a 

security policy database]; 

■ configuring a switch in said network to forward a packet received at a first port 
[120, 125 and 130] if an address associated with said packet is authorized for 
said first port [paragraphs 0054-0060]; 

■ comparing a set of learned addresses against set of expected addresses, 
said learned addresses comprising addresses associated with packets 
processed at a second port [115a-g], said expected addresses derived from 
an expected configuration of said network [paragraphs 0059-0060 and 0086- 
0101]. 

However, Vairavan does not explicitly show tracing a topology of said network to 
find a third port where an unexpected address entered said network, said third port 
coupled to a device having a media access control (MAC address) that is said 
unexpected address. 

In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1 , lns.1 1 -32 and col. 5, 
In. 9 - col.6, ln.65] to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) [i.e. the determination of which port a particular MAC address Is reachable. 
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For example, Wang suggests if ports do not reachable, the frame is flooded over all 
outgoing non-blocked ports, col.6, lns.50-65]. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify Vairavan in view of Wang by tracing a 
topology of said network to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) that is said unexpected address because this feature is a consequence of the 
topologies being aligned [Wang, col.6, lns.63-65]. It is for this reason that one of 
ordinary skill in the art at the time of the invention would have been motivated in order to 
gather specific diagnostic information relating to a particular path through the switched 
network [Wang, col.6, lns.20-21]. 

5. With respect to claim 25, Vairavan further teaches said configuring the switch 
further comprises configuring the switch to drop said packet if said address is not 
authorized [paragraph 0132]. 

6. With respect to claims .18 and 26, Vairavan further teaches said configuring the 
switch comprises programming the switch in said network to recognize authorized 
address for said first port [paragraphs 0054-0060]. 

7. With respect to claim 27, Vairavan further teaches said configuring the switch 
further comprises configuring the switch to forward said packet to a host device [215 i.e. 
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system processor] if said address is authorized for said first port, said first port coupled 
to said host device [paragraphs 0054-0060]. 

8. With respect to claim 28, Vairavan further teaches said method further 
comprising: determining changes in physical topology of said network [paragraphs 

0060 and 0086-0088]. 

9. With respect to claim 29, Vairavan further teaches said determining changes in 
physical topology comprises comparing a physical description of said network with said 
stored physical topology of said network [paragraphs 0060 and 0086-0088]. . 

1 0. With respect to claims 30, Vairavan further teaches said address is a media 
access control (MAC) address and wherein said network comprises a virtually-wired 
switching fabric [fig. 2]. 

1 1 . With respect to claims 14-1 5, Vairavan further teaches said network is a virtually- 
wired switching network [fig.1] and said first port couples switches in said network and 
said second port is couple to a host device [paragraphs 0046-0054]. 

1 2. With respect to claim 1 6, Vairavan further teaches said method further 
comprises: taking corrective action at said second port, wherein said second port is. 
coupled to a host device [paragraphs 0069-0071]. 
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1 3. With respect to claim 1 9, Vairavan further teaches of said method is repeated for 
each interconnect port in said network, wherein said network comprises a plurality of 
switches [paragraph 0069 and fig. 1 ]. 

1 4. With respect to claim 20, Vairavan further teaches said method further 
comprises: determining changes in physical topology of said network [paragraphs 
0059-0060 and 0086]. 

1 5. With respect to claim 21 , Vairavan further teaches of said method comprises 
comparing a physical description of said network with a stored physical description of 
said network [paragraphs 0073-0088]. 

1 6. Claims 1 7 and 24 are rejected under 35 U.S.C. 1 03(a) as being unpatentable 
over Vairavan in view of Wang as applied to claims 13 and 22 above, and further in 
view of Holloway et al., U.S. Patent No. 5,805,801 (hereinafter Holloway). 

1 7. With respect to claims 1 7 and 24, Vairavan further teaches the method further 
comprising: said network is a virtually-wired switching fabric [fig. 2] and said third port Is 
at the edge of said fabric [paragraphs 0068-0070]. 

However, Vairavan does not explicitly show disabling said third port. 
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In a method of managing a network, Holloway discloses disabling a port [col. 3, 
lns.3-25]. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify Vairavan in view of Wang, and further in view 
of Holloway by disabling the port because this feature not only provides for detection of 
security intrusions, but also provides the proactive actions needed to stop the 
proliferation of security intrusions over the domain [Holloway, col.2, lns.41-45]. It is for 
this reason that one of ordinary skill in the art at the time of the invention would have 
been motivated in order to filter on their respective ports against the intruding 
unauthorized address [Holloway, see abstract]. 

18. Claims 31-38 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Vairavan in view of Wang, and further in view of Holloway. 

1 9. With respect to claim 31 , Vairavan teaches a network comprising: 

■ a plurality switches [paragraphs 0047-0048]; 

■ said switches interconnected and configured to control communication 
between a plurality of devices coupled to said network [fig.1]; 

■ a database having stored therein a stored physical topology of said network 
and authorized addresses associated with packets processed at ports of said 
switches, wherein said authorized addresses are based on said stored 
physical topology [paragraphs 0074-0084 i.e. a security policy database]; 
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However, Vairavan does not explicitly show a configuration agent that is able to 
program said switches based on said authorized address to detect a packet having an 
unauthorized address; and a management agent that is able to: compare addresses 
learned by said switches against said authorized addresses to determine an 
unauthorized address. 

In a method of managing a network, Wang suggests or discloses tracing a 
topology of said network [i.e. tracing of the computer network, col.1 , Ins. 1 1-32 and col. 5, 
ln.9 - col.6, ln.65] to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) [i.e. the determination of which port a particular MAC address is reachable. 
For example, Wang suggests if ports do not reachable, the frame is flooded over all 
outgoing non-blocked ports, col.6, lns.50-65]. 

Therefore, it would have been obvious to one of ordinary skill in the art at the 
time of the invention was made to modify Vairavan in view of Wang by tracing a 
topology of said network to find a third port where an unexpected address entered said 
network, said third port coupled to a device having a media access control (MAC 
address) that is said unexpected address because this feature is a consequence of the 
topologies being aligned [Wang, col.6, lns.63-65]. It is for this reason that one of 
ordinary skill in the art at the time of the invention would have been motivated in order to 
gather specific diagnostic information relating to a particular path through the switched 
network [Wang, col.6, lns.20-21]. 
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Further, Holloway discloses a configuration agent that is able to program said 
switches based on said authorized address to detect a packet having an unauthorized 
address [col.3, lns.30-43 and col.4, ln.46 - col.5. In. 12]; and a management agent that is 
able to: compare addresses learned by said switches against said authorized addresses 
to determine an unauthorized address [col.7, lns.7-68 and col.3, lns.37-39], in a 
communication system. 

Thus, it would have been obvious to one of ordinary skill in the art at the time of 
the Invention was made to modify Vairavan in view of Wang, and further in view of 
Holloway by adding a configuration agent and management agent because this feature 
this feature not only provides for detection of security intmsions, but also provides the 
proactive actions needed to stop the proliferation of security intrusions over the domain 
[Holloway, col.2, lns.41-45]. It is for this reason that one of ordinary skill in the art at the 
time of the invention would have been motivated in order to send an alert frame to the 
functional address [Holloway, col. 8, Ins. 18-1 9]. 

20. With respect to claim 32, Vairavan further teaches said switches are further 
configured to forward said packet if said address is authorized [paragraphs 0054-0060]. 

21 . With respect to claim 33, Vairavan further teaches said switches are further 
configured to drop said packet if said address is not authorized [paragraph 0132]. 



Application/Control Number: 10/005.066 Page 10 

Art Unit: 2151 

22. With respect to claim 34, Vairavan further teaches there is a one-to-one mapping 
between ports of said switches [paragraphs 0047-0049]. 

23. With respect to claim 35, Vairavan further teaches said addresses are medium 
control access (MAC) addresses [fig.2]. 

24. With respect to claim 36, Vairavan further teaches said network comprises a 
virtually-wired switching fabric [fig.2]. 

25. With respect to claim 37, Vairavan further teaches said management agent is 
further able to determine changes in said physical topology of said network and to 
update said stored physical topology and authorized addresses in said database based 
on said changes [0054-0060]. 

26. With respect to claim 38, Vairavan further teaches said configuration agent is 
further able to re-program said switches based on said updates to said authorized 
addresses [paragraphs 0054-0060]. 

Response to Arguments 

27. Applicant's arguments with respect to claims 13-22 and 24-38 have been 
considered but are moot in view of the new ground(s) of rejection. 
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Conclusion 

28. Any inquiry concerning this communication or earlier communications from tlie 
examiner should be directed to Nghi V. Iran whose telephone number is (571 ) 272- 
4067. The examiner can normally be reached on Monday-Friday. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Zarni Maung can be reached on (571 ) 272-3939. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Nghi V Tran 
Patent Examiner 
Art Unit 21 51 

NT 



